Blog Posts Tagged with "Code Review"

To “Open Source” or “Not to Open Source”

July 27, 2012 Added by: Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins, etc., which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins, contributed by many diverse developers and organizations, that introduce vulnerabilities into the open source product as a whole...

What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by: Fergal Glynn

Security professionals place developers' code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?

Pitting Education Against Cyber Attacks

March 26, 2012 Added by: Frank Kim

In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...

Scanning Applications Faster - A Chicken vs. Egg Problem

October 09, 2011 Added by: Rafal Los

We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...

Web Application Attack and Audit Framework 1.0 Released

June 03, 2011 Added by: Headlines

"w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more..."

Think You Can’t Afford Code/App Testing? Think Again...

May 19, 2011 Added by: Brent Huston

Today, you have a plethora of code review automation tools and source code scanners. These tools make it easy to pick the low hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...

Implementing Complex Systems for Testing Application Logic

March 07, 2011 Added by: Rafal Los

Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky, and while fully automating the finding of logic flaws may still be beyond our reach, the research and ideas presented herein are steps forward in that direction...

Software Security Assurance Psychology - The Legacy Code

March 04, 2011 Added by: Rafal Los

An application has been relied upon successfully for months or years (decades?), and now that the organization has finally given you access to it, because they touched/modified one small component, you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...

Application Vulnerabilities are Like Landmines

March 02, 2011 Added by: Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...

Top 5 Ridiculous Hacking Scenes in Movies

November 03, 2010 Added by: Bozidar Spirovski

Like any technology-fed phenomenon with increasing public exposure, hacking is often ill-conceived and exaggerated in movie scenes. The following are five of the most implausible and amusing scenes that have resulted from this approach to hacker depiction in movies...

How Do You Know That Your Software Is Secure?

August 17, 2010 Added by: PCI Guru

Software is everywhere these days, and is in almost everything from flat panel televisions to furnaces. As more devices get connected to networks, the risk that backdoors or sleeper code will be used to obtain surreptitious access to these devices increases...

PCI DSS and Code Reviews

August 02, 2010 Added by: PCI Guru

Requirement 6.6 of the PCI DSS discusses the concept of code reviews, or the implementation of an application firewall, to protect Internet-facing applications...